You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This EPIC is to track outstanding certificate requests and provide a summary view.
Artifactory
The Artifactory repository service has been launched with the artifacts.developer.gov.bc.ca service name. There is an additional requirement to provide proxied image-registry service names with a naming convention of {image-repo}.artifacts.developer.gov.bc.ca. This requires a wildcard certificate for the proxied services.
A request for the following wildcard certificate was made, and has been rejected. An exception process is underway.
Api and wildcard certificates are required for the OCP 4 platform. Currently we have identified the following names (and certificate requirements) for 3 of the OCP 4 clusters (Note: if names are required to change, we need to adjust ASAP as we are already rolling with these names and will need to change some existing work) Requests have been made, and are pending additional information to be sent, however it is expected that the requests will be rejected and will require some sort of exemption.
Kamloops Operations Lab
*.apps.cowichan.devops.gov.bc.ca - wildcard for application proxy service
api.cowichan.devops.gov.bc.ca - api endpoint for automation and tool access
Calgary Operations Lab
*.apps.thetis.devops.gov.bc.ca - wildcard for application proxy service
api.thetis.devops.gov.bc.ca - api endpoint for automation and tool access
Kamloops Developer-Prod-1
*.apps.pacific.devops.gov.bc.ca - wildcard for application proxy service
api.pacific.devops.gov.bc.ca - api endpoint for automation and tool access
The KeyCloak SSO service is being re-branded to leverage its own service name instead of the sso.pathfinder.gov.bc.ca service name. The name of the new service is oidc.gov.bc.ca. A request for a wildcard certificate for *.oidc.gov.bc.ca was requested and rejected. The following is an idea for modifying our certificate request to specific DNS names (which may be easier to get approval for):
oidc.gov.bc.ca (possibly prod.oidc.gov.bc.ca as well?)
test.oidc.gov.bc.ca
dev.oidc.gov.bc.ca
In order to develop and test new features for integration into the service, the following is an idea for a wildcard service name:
This EPIC is to track outstanding certificate requests and provide a summary view.
Artifactory
The Artifactory repository service has been launched with the
artifacts.developer.gov.bc.ca
service name. There is an additional requirement to provide proxied image-registry service names with a naming convention of{image-repo}.artifacts.developer.gov.bc.ca
. This requires a wildcard certificate for the proxied services.A request for the following wildcard certificate was made, and has been rejected. An exception process is underway.
*.artifacts.developer.gov.bc.ca
- proxied repository namesSee the following project tickets:
#651
BCDevOps/developer-experience#96
OCP 4
Api and wildcard certificates are required for the OCP 4 platform. Currently we have identified the following names (and certificate requirements) for 3 of the OCP 4 clusters (Note: if names are required to change, we need to adjust ASAP as we are already rolling with these names and will need to change some existing work) Requests have been made, and are pending additional information to be sent, however it is expected that the requests will be rejected and will require some sort of exemption.
Kamloops Operations Lab
*.apps.cowichan.devops.gov.bc.ca
- wildcard for application proxy serviceapi.cowichan.devops.gov.bc.ca
- api endpoint for automation and tool accessCalgary Operations Lab
*.apps.thetis.devops.gov.bc.ca
- wildcard for application proxy serviceapi.thetis.devops.gov.bc.ca
- api endpoint for automation and tool accessKamloops Developer-Prod-1
*.apps.pacific.devops.gov.bc.ca
- wildcard for application proxy serviceapi.pacific.devops.gov.bc.ca
- api endpoint for automation and tool accessSee the following project ticket:
https://app.zenhub.com/workspaces/openshift-4-build-out-5db73142897668000144f22b/issues/bcdevops/openshift4-rollout/176
KeyCloak (SSO)
The KeyCloak SSO service is being re-branded to leverage its own service name instead of the
sso.pathfinder.gov.bc.ca
service name. The name of the new service isoidc.gov.bc.ca
. A request for a wildcard certificate for*.oidc.gov.bc.ca
was requested and rejected. The following is an idea for modifying our certificate request to specific DNS names (which may be easier to get approval for):oidc.gov.bc.ca
(possiblyprod.oidc.gov.bc.ca
as well?)test.oidc.gov.bc.ca
dev.oidc.gov.bc.ca
In order to develop and test new features for integration into the service, the following is an idea for a wildcard service name:
*.sandbox.oidc.gov.bc.ca
See the following project ticket:
Create DNS record + SSL Cert for new KC SSO developer-experience#138
The text was updated successfully, but these errors were encountered: